﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace EComAssignment.Filter
{
    public class CustomAuthorization : AuthorizeAttribute
    {
        public int[] UserLevel { get; set; }        
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {            
            object obj = httpContext.Session["userLevel"];
            if (obj != null)
            {
                int level = (int)obj;
                if (UserLevel.Contains(level))
                {
                    return true;
                }
            }            
            return false;
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.HttpContext.Response.StatusCode = 401;
        }        

    }
}